Wu-Ftpd File Globbing Heap Corruption Vulnerability

Wu-Ftpd is an FTP server based on the BSD 'ftpd' that is maintained by Washington University.

Wu-Ftpd allows clients to organize files for FTP actions based on "file globbing" patterns. File globbing is also used by various shells. The implementation of file globbing included in Wu-Ftpd contains a heap-corruption vulnerability that may allow an attacker to execute arbitrary code on a server remotely.

This vulnerability was initially scheduled for public release on December 3, 2001. However, Red Hat has made details public as of November 27, 2001. As a result, we are forced to warn other users of the vulnerable product so that they may take appropriate actions.


Privacy Statement
Copyright 2010, SecurityFocus